CISO View – The Week’s Best News – 2021.01.08

A Review of the Best News of the Week on Cybersecurity Management & Strategy

Latest on the SVR’s SolarWinds Hack (Schneier on Security, Jan 05 2021)
“The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that).

Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service revealed these points:

The breach is far broader than first believed. Initial estimates were that Russia sent its probes only into a few dozen of the 18,000 government and private networks they gained “

Ticketmaster fined $10 million in corporate espionage scheme (SC Media, Dec 31 2020)
Ticketmaster tried to steal both a client and design ideas from a competitor by logging into the back-end system with a former employer’s login credentials.

FireEye’s Mandia: ‘Severity-Zero Alert’ Led to Discovery of SolarWinds Attack (Dark Reading, Jan 07 2021)
CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.

Happy New Year!
Hello 2021! Since I started this curated newsletter in June 2017, I’ve clipped ~18,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Cisco, Intel, Deloitte Among Victims of SolarWinds Breach: Report (Dark Reading, Dec 21 2020)
The Wall Street Journal identified 24 businesses so far that have downloaded the SolarWinds software infected with malicious code.

Breakup Plan for Cyber Command and NSA (Infosecurity Magazine, Dec 21 2020)
Trump administration reveals plan to split up leadership of US Cyber Command and the National Security Agency

GDPR Fines Exceeded €170 Million in 2020 (SecurityWeek, Jan 05 2021)
Fines issued for violations of the EU’s General Data Protection Regulation (GDPR) in 2020 exceeded €170 million, or roughly $200 million.

Survey says, women in cyber make 31 percent less than men (SC Media, Jan 05 2021)
The ever-widening cyber skills gap necessitates the closing of the gender pay gap, say experts. A few new initiatives attempt to do that.

State Dept. to Create New Cybersecurity & Technology Agency (Dark Reading, Jan 07 2021)
Bureau of Cyberspace Security and Emerging Technologies (CSET) will serve as diplomatic arm for US cybersecurity interests.

Biden’s pick as White House cyber czar provides critical federal leadership and diversity (SC Media, Jan 07 2021)
NSA’s Anne Neuberger will assume her new role on the heels of some other shifts among cyber leaders: John Costello resigned as deputy assistant secretary for intelligence and security at the Commerce Department, and ousted CISA director Chris Krebs is heading to SolarWinds.

The post Biden’s pick as White House cyber czar provides critical federal leadership and diversity appeared first on SC Media.

How BISOs bridge the gap between corporate boards and cybersecurity (SC Media, Jan 04 2021)
As the business world fully embraces the necessity of cybersecurity, a new dilemma has emerged: How to bridge the gap between business leaders and cyber professionals. It’s becoming increasingly clear that boards need to address cyber threats, rather than just leaving it up to their IT department.

Chinese APT Group Linked to Ransomware Attacks (Infosecurity Magazine, Jan 05 2021)
APT27 pegged for financially motivated raids

SolarWinds Claims Execs Unaware of Breach When They Sold Stock (SecurityWeek, Dec 22 2020)
Texas-based IT management and monitoring solutions provider SolarWinds told the U.S. Securities and Exchange Commission (SEC) that its executives were not aware that the company had been breached when they decided to sell stock.

Transitioning from vulnerability management to vulnerability remediation (Help Net Security, Dec 29 2020)
Like many people, I’m glad 2020 is almost over. I am, however, excited about 2021. Here are three trends I believe will impact how well (or not) companies will be able to remediate vulnerabilities. 2021 will be the year of cloud vulnerability

Apple Loses Copyright Suit Against Security Startup (SecurityWeek, Dec 29 2020)
A federal judge Tuesday dismissed Apple’s copyright infringement lawsuit against cybersecurity startup Corellium in a case which could have implications for researchers who find software bugs and vulnerabilities.

Cyber-Attack on US Laboratory (Infosecurity Magazine, Jan 04 2021)
Apex Laboratory discloses summertime cyber-attack

Slack Outage Causing Enterprise Security Hiccups (SecurityWeek, Jan 04 2021)
Business communications platform Slack is scrambling to recover from an ongoing outage that is proving disruptive to cybersecurity response teams around the world.

Most Public Sector Victims Refuse to Pay Ransomware Gangs (Infosecurity Magazine, Jan 06 2021)
Veritas data suggests government orgs are best at recovering data

Trump Widens US Ban on Chinese Apps as His Term Nears End (SecurityWeek, Jan 05 2021)
President Donald Trump has signed an executive order banning transactions with eight Chinese apps including Alipay and WeChat Pay in an escalation of a trade war that has been unfolding through most of his term.

British Airways Plans £3bn Breach Settlement (Infosecurity Magazine, Jan 06 2021)
British Airways to start £3bn settlement discussions over data breaches affecting 500,000 customers

NSA Issues Guidance on Replacing Obsolete TLS Versions (SecurityWeek, Jan 07 2021)
The National Security Agency (NSA) this week issued guidance for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) cybersecurity decision makers, system admins, and network security analysts to replace obsolete versions of the Transport Layer Security (TLS) protocol.

Share on facebook
Share on twitter
Share on linkedin